Skip to content
Passwordless authentication helpers for Guardian.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
config Downsize! Oct 31, 2017
lib A little bit of formatting Jan 12, 2018
test Support extra params Nov 9, 2017
.gitignore mix new Nov 19, 2016
.travis.yml Check for compiler warnings on build Jan 12, 2018
LICENSE.txt Change licence owner Oct 31, 2017 Setup travis Jan 12, 2018
mix.exs Bump guardian to 1.0 and bump our version to 1.0 Jan 12, 2018
mix.lock Bump guardian to 1.0 and bump our version to 1.0 Jan 12, 2018

SansPassword Build Status

Passwordless authentication helpers for Guardian.

Take a look at the demo app.


Add sans_password to your list of dependencies in mix.exs:

def deps do
  [{:sans_password, "~> 1.0.0-beta"}]

Next, follow Guardian's installation instructions to setup a Guardian module.

Now, you should have a Guardian module, so you can sprinkle in SansPassword.

defmodule MyApp.Guardian do
  use Guardian, otp_app: :my_app
  use SansPassword


  @impl true
  def deliver_magic_link(user, magic_token, extra_params) do
    |> MyMailer.magic_link_email(magic_token, extra_params)
    |> MyMailer.deliver

SansPassword uses two token types:

  • magic - This token will be sent to your users in an email. They are very short-lived and will be sent to your users via email. This token will be included in the "magic link" to your app.
  • access - This token will allow your users to request content from your app.

This part is VERY important, you need to configure the TTLs for the token types that SansPassword uses:

config :guardian, MyApp.Guardian,
  secret_key: "super secret key",
  issuer: "my_app",
  token_ttl: %{
    "magic" => {30, :minutes},
    "access" => {1, :days}


SansPassword provides just a few convenience functions.

# We'll assume you have a user record
{:ok, user} = Repo.insert(%User{email: ""})

# Send a login link that will allow the user to login
{:ok, magic_token, _claims} = MyApp.Guardian.send_magic_link(user)

# If you're building an API, you'll probably want to convert the magic token to an access token
{:ok, access_token, _claims} = MyApp.Guardian.exchange_magic(magic_token)

# If you're storing sessions, you can sign your users in like this
{:ok, user, _claims} = MyApp.Guardian.decode_magic(magic_token)

Trackable (optional)

To track your users sessions, see guardian_trackable.

Accessing the current user

Under the hood, SansPassword just uses Guardian, so to get the current user, just say:

You can’t perform that action at this time.